> > While I realize DHCPd isn't a security program of any kind, this > does have to do with it. So I just switched our entire > network over to > DHCP assigned IPs in preparation for another project. But in doing > that, I've come to realize that anyone could plug in their machine and > manually set their IP address and by-pass the DHCP discovery all > together. And thus also gaining access to our internal network, > something we might not necassarily want to allow. So the > question now Even before you enabled DHCP, if someone could plug into your network, they could manually set an IP address. The first issue of course is the physical security of your internal network. I assume you do not have RJ45 connections out in the parking lot :-). You might want to look at who would have access to a port on your internal network. If you do not like the answer to that question, you have to look at the physical security to your servers or client machines. If someone can lay hands on your machines, there is no security. You then have to start looking at protection of the data itself. That becomes a much more involved issue. Protecting SMB shares is different than protecting NFS mount points. Do you have NIS or LDAP? Netgroups? Sorry I don't have a direct answer, but these are issues you may want to ponder. Bob Styma